144 lines
5.3 KiB
PHP
144 lines
5.3 KiB
PHP
<?php
|
|
/**
|
|
* Approve Invoice & Submit to JoFotara
|
|
*/
|
|
|
|
use App\Core\Database;
|
|
use App\Core\JoFotara;
|
|
use App\Core\AuditLogger;
|
|
use App\Middleware\AuthMiddleware;
|
|
use App\Middleware\RoleMiddleware;
|
|
use App\Middleware\CompanyAccessMiddleware;
|
|
|
|
// Only admin, accountant, and super_admin can approve. Viewers cannot.
|
|
$decoded = RoleMiddleware::require(['super_admin', 'admin', 'accountant']);
|
|
$db = Database::getInstance();
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
$id = $data['id'] ?? null;
|
|
|
|
if (!$id) {
|
|
json_error('Invoice ID is required', 422);
|
|
}
|
|
|
|
try {
|
|
$db->beginTransaction();
|
|
|
|
// 1. Fetch Invoice & Company
|
|
$stmt = $db->prepare("
|
|
SELECT i.*, c.name as company_name, c.tax_identification_number as company_tin,
|
|
c.address as company_address, c.jofotara_client_id_encrypted, c.jofotara_secret_key_encrypted
|
|
FROM invoices i
|
|
JOIN companies c ON i.company_id = c.id
|
|
WHERE i.id = ? FOR UPDATE
|
|
");
|
|
$stmt->execute([$id]);
|
|
$invoice = $stmt->fetch();
|
|
|
|
if (!$invoice) json_error('Invoice not found', 404);
|
|
if ($invoice['status'] === 'approved') json_error('Already approved', 400);
|
|
|
|
// 2. Fetch Line Items
|
|
$stmtLines = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ?");
|
|
$stmtLines->execute([$id]);
|
|
$invoice['items'] = $stmtLines->fetchAll();
|
|
|
|
// 3. Decrypt Company Keys for JoFotara
|
|
$clientId = \App\Core\Encryption::decrypt($invoice['jofotara_client_id_encrypted'] ?? '');
|
|
$secretKey = \App\Core\Encryption::decrypt($invoice['jofotara_secret_key_encrypted'] ?? '');
|
|
|
|
$jofotara = new JoFotara();
|
|
$apiResponse = ['success' => false];
|
|
$xmlContent = null;
|
|
|
|
// 4. Try JoFotara Submission if credentials exist
|
|
if ($clientId && $secretKey) {
|
|
$companyData = [
|
|
'name' => $invoice['company_name'],
|
|
'tax_identification_number' => $invoice['company_tin'],
|
|
'address' => $invoice['company_address']
|
|
];
|
|
|
|
// Decrypt Buyer Info for XML
|
|
$invoice['buyer_name'] = \App\Core\Encryption::decrypt($invoice['buyer_name'] ?? '') ?: ($invoice['buyer_name'] ?? '');
|
|
$invoice['buyer_tin'] = \App\Core\Encryption::decrypt($invoice['buyer_tin'] ?? '') ?: ($invoice['buyer_tin'] ?? '');
|
|
|
|
$xmlContent = $jofotara->generateXML($invoice, $companyData);
|
|
$apiResponse = $jofotara->submitInvoice($xmlContent, $clientId, $secretKey);
|
|
}
|
|
|
|
// 5. Fallback: Generate Local QR if API failed or no credentials
|
|
$qrCode = $apiResponse['qrCode'] ?? $jofotara->generateQRCode([
|
|
'supplier_name' => $invoice['company_name'],
|
|
'supplier_tin' => $invoice['company_tin'],
|
|
'invoice_date' => $invoice['invoice_date'],
|
|
'grand_total' => $invoice['grand_total'],
|
|
'tax_amount' => $invoice['tax_amount']
|
|
]);
|
|
|
|
// 6. Record Submission (Audit Log)
|
|
$submissionId = \App\Core\Database::generateUuid();
|
|
$stmtSub = $db->prepare("
|
|
INSERT INTO jofotara_submissions
|
|
(id, invoice_id, company_id, tenant_id, xml_payload, xml_hash,
|
|
jofotara_uuid, qr_code_raw, response_code, response_body, status, submitted_at)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())
|
|
");
|
|
|
|
$status = $apiResponse['success'] ? 'accepted' : 'error';
|
|
$stmtSub->execute([
|
|
$submissionId,
|
|
$id,
|
|
$invoice['company_id'],
|
|
$invoice['tenant_id'],
|
|
$xmlContent,
|
|
$xmlContent ? hash('sha256', $xmlContent) : null,
|
|
$apiResponse['uuid'] ?? null,
|
|
$qrCode,
|
|
$apiResponse['_http_code'] ?? '0',
|
|
json_encode($apiResponse['raw'] ?? ['info' => 'Local approval / No credentials']),
|
|
$status
|
|
]);
|
|
|
|
// 7. Update Invoice
|
|
$updateStmt = $db->prepare("
|
|
UPDATE invoices SET status = 'approved', jofotara_uuid = ?, qr_code = ?, updated_at = NOW() WHERE id = ?
|
|
");
|
|
$updateStmt->execute([$apiResponse['uuid'] ?? null, $qrCode, $id]);
|
|
|
|
$db->commit();
|
|
|
|
json_success([
|
|
'message' => $apiResponse['success'] ? 'تم الاعتماد والإرسال إلى جوفوترة بنجاح' : 'تم الاعتماد محلياً (نظام جوفوترة غير متصل)',
|
|
'uuid' => $apiResponse['uuid'] ?? null,
|
|
'qr_code' => $qrCode,
|
|
'is_api_success' => $apiResponse['success']
|
|
]);
|
|
|
|
AuditLogger::log('invoice.approved', 'invoice', $id, [
|
|
'old_status' => $invoice['status'],
|
|
], [
|
|
'new_status' => 'approved',
|
|
'jofotara_uuid' => $apiResponse['uuid'] ?? null,
|
|
'api_success' => $apiResponse['success'],
|
|
], $decoded);
|
|
|
|
// Smart Notifications
|
|
\App\Services\SmartNotifications::invoiceApproved(
|
|
$invoice['tenant_id'], $invoice['uploaded_by'] ?? $decoded['user_id'],
|
|
$id, $invoice['invoice_number'] ?? $id
|
|
);
|
|
\App\Services\SmartNotifications::checkQuotaWarning($invoice['tenant_id']);
|
|
|
|
// Gamification
|
|
\App\Services\GamificationService::award($decoded['user_id'], $invoice['tenant_id'], 'invoice_approved');
|
|
if ($apiResponse['success'] ?? false) {
|
|
\App\Services\GamificationService::award($decoded['user_id'], $invoice['tenant_id'], 'jofotara_submitted');
|
|
}
|
|
|
|
} catch (\Exception $e) {
|
|
if ($db->inTransaction()) $db->rollBack();
|
|
error_log("JoFotara Approve Error: " . $e->getMessage());
|
|
safe_error($e, 'invoices/approve');
|
|
}
|